articles

Hacking an Election

One of the dichotomies in the information security landscape is neatly exhibited in a couple of patchwork systems. Our hodgepodge national data breach notifications laws show the disadvantages of decentralized standards, on the one hand. Conversely, it is that same type of fragmentation that provides a substantial benefit when it comes time for us to vote. Despite the cries of many candidates and their supporters in recent years, Donald Trump included, rigging the election is not the inevitability they would have you believe. Voter fraud is not even a blip on the radar, let alone a pandemic, and tampering with the voting machines would be pretty much impossible. On top of that, states and cities each set up their own voting systems, not the federal government. In this case, the patchwork is a good thing, preventing hackers from having a clear, single target to compromise in hopes of affecting the election.

So, as Zeynep Tufekci at the New York Times emphasizes, any potential battleground or cause for concern will not be in rigging, but in hacking. I know, it sounds counterintuitive to what I just said about hackers being prevented from tampering with the election, but the risk in this case is on a local, rather than national level. Since individual states and cities are responsible for their own voting systems, the risk becomes that one of these more local elections could be a target. It’s especially worrisome in locations that retain subpar, almost arcade-like machines, and run operating systems like Windows 2000, which no longer receive fixes for security flaws. Georgia, for instance, is one that that uses these vulnerable methods, according to a report from the Brennan Center for Justice. Worse, the lack of a paper trail resulting from exclusively electronic systems makes post-election audits impossible, in the event of questions over the outcome.

To solve this issue, according to Tufekci, a combination of paper ballots and optical scan equipment is the best solution, which is already employed in states like Connecticut. In Connecticut, there are 169 towns each in charge of running their elections, and none of them are connected to the Internet, making any kind of large scale hack unlikely. Indeed, the optical scanners can’t go online, and state officials have resisted recent pressure to “upgrade.” Both the ballots and the scanners’ memory cards thus leave the necessary paper trail.

Other jurisdictions would do well to enhance the security and integrity of their voting process in this manner, because while the rate of actual voter fraud in the US may be close to zero, we’ve already seen in this very election how cyber intruders can hack their way to making a significant impact.